Decentralized exchange LeetSwap, which operates on Coinbase’s Base network, has announced a pause on trading, citing concerns of a potential exploit.
LeetSwap tweeted on Aug. 1 that it noticed some of its liquidity pools may have been compromised and temporarily stopped trading to investigate. In a subsequent update, the exchange said it is working with on-chain security experts to try to recover locked liquidity.
As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
While the exchange did not share many details, a number of blockchain sleuths have since provided some commentary about how the exploit is likely to have taken place.
Algorithmic market maker Wintermute’s research head, Igor Igamberdiev, believes the attacker used an exposed smart contract function to increase the price of a token, which then allowed them to drain wrapped Ether (ETH) from LeetSwap’s liquidity pools.
It was easy:
– swap a bit of WETH for X tokens (should have fees)
– call _transferFeesSupportingTaxTokens(address, uint256) to move token to a Fees contract
– call sync()
– swap X…
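Why an externally callable fee-transfer function followed by sync() distorts pricing can be seen in a toy constant-product pair. This is an added example, not LeetSwap's or Solidly's code: it leaves out the swap steps and fee logic, and every class name, caller label and number in it is a constructed assumption. It compares an unguarded pair with one that restricts the fee transfer to the pair itself, and shows a check a monitor can apply to sync().

```python
from fractions import Fraction


class Unauthorized(Exception):
    """Raised when an outside caller hits a function meant to be internal."""


class Pair:
    """Simplified x*y=k pair. 'balance' is what the pair holds, 'reserve' is what it prices with."""

    def __init__(self, weth, x, guarded):
        self.balance = {"WETH": weth, "X": x}
        self.reserve = dict(self.balance)
        self.guarded = guarded  # hypothetical switch: True models an internal-only fee transfer

    def k(self):
        return self.reserve["WETH"] * self.reserve["X"]

    def price_x_in_weth(self):
        return Fraction(self.reserve["WETH"], self.reserve["X"])

    def transfer_fees(self, caller, amount):
        # Models moving token X out of the pair to a separate fees contract.
        if self.guarded and caller != "pair":
            raise Unauthorized("fee transfer is internal-only")
        self.balance["X"] -= amount

    def sync(self):
        # Reserves are overwritten with current balances. Swaps never lower k,
        # so a sync that lowers it without a liquidity burn is worth alerting on.
        k_before = self.k()
        self.reserve = dict(self.balance)
        return self.k() < k_before


def run(guarded):
    pair = Pair(weth=100, x=1_000_000, guarded=guarded)  # constructed sample pool
    before = pair.price_x_in_weth()
    try:
        pair.transfer_fees(caller="outsider", amount=990_000)
        blocked = False
    except Unauthorized:
        blocked = True
    k_shrank = pair.sync()
    return {"blocked": blocked, "k_shrank": k_shrank,
            "price_ratio": pair.price_x_in_weth() / before}


if __name__ == "__main__":
    print("unguarded:", run(False))
    print("guarded:  ", run(True))
```

In the unguarded run the quoted price of X rises 100x with no trade taking place, and sync() reports a shrinking invariant; in the guarded run the call is rejected and the price is unchanged.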